"One bit of advice: it is important to view knowledge as sort of a semantic tree -- make sure you understand the fundamental principles, ie the trunk and big branches, before you get into the leaves/details or there is nothing for them to hang on to." - Elon Musk"There are lies, damned lies, and launch schedules." - Larry J

For those who don't know, the way engineers assess risk is with Risk Priority Number spreadsheets. Basically the risk is broken down into 3 parts: the possible Severity of the risk, the Frequency or Occurrence of the risk, and the ability to Detect or Prevent the risk. Each part is given a number between 1 and 10, one being the least and 10 the most. These numbers are then multiplied together, with the final number assessing the risk on a scale of 1-1000. Then risks with the highest numbers are given the highest priority for correction or reduction.

Wow, that method is just wrong. The range should be from 0 to 10, with any real value in between (a mathematician would have any value between 0 and 1). A way better estimate of the risk is

integral from 0 to m_max integral from 0 to v_max S(m*v²/2)*A*T*P(m,v)*D(m) dm dv

where

A = cross sectional area of spacecraftT = time in orbitm = mass of debrism_max = maximum debris massv = velocity of debrisv_max = maximum debris velocityS(E) = severity as a function of impact energyP(m,v) = mass and velocity debris probability distribution per unit area and unit timeD(m) = Detect or Prevent as a function of debris mass

A good engineer should be able to come up with estimates of these functions.

Quote

We know that MMOD strikes occur on every spaceflight, so that's also a 10.

That would result in an over estimation of the risk. Most impacts are very small which have almost zero risk.

Again, just because there haven't been catastrophic failures doesn't mean there is no risk.

Literally nobody is saying that. Why do you keep repeating it like someone is?

Quote

The overall risk level is still high because a MMOD strike to a critical system could easily cause loss of crew or vehicle.

Actually, based on the number of LOV (zero) from MMOD damage on a rather large number of flights, this is provably wrong. Depending on your definition of "high", I guess. Certainly the risk level is high compared to flying in an airplane. Compared to the Shuttle risks not associated with MMOD I'd say they are rather low.

Regrettably, that's not how statistics work. The fact that Shuttle had the failures that it had, and not MMOD, might have been by pure chance. There's not enough statistical samples in all Shuttle history to say otherwise.Challenger was a particularly bad example, because at those temperatures it was to fail. It was almost a certainty. Edward Tufte book is more than clear on that. You use statistics for things that are chance, but if you get out of the specified range, you might get into straight certainties.

I believe it's quite important that we frame the ASAP's problem clearly:They want a probability of LOC to be less than 1/270 chance, for a crewed vehicle that launches, stays docked at the ISS for 210days and returns safely.Launch and return might well be characterized by all launch history. But the 210 days stay is what has (relatively speaking) little history. 210days per 270 means that a ship should be in space 155 years before having a MMOD of a severity that would cause a LOC. And that's actually not true because that assumes that launch and re-entry risks are zero. So the actual target might be 500years or more.Current flight history of every single crewed and robotic ship has zero statistical significance here. This require extensive engineering to came up with good estimations. It will probably also constrain orbital attitudes and such.Let's not forget that Soyuz are docked in aft of ISS, where they are more protected than the USOS fore side. In fact, all Commercial Crew vehicles are docked with their heat shields pointed fore.

For those who don't know, the way engineers assess risk is with Risk Priority Number spreadsheets. Basically the risk is broken down into 3 parts: the possible Severity of the risk, the Frequency or Occurrence of the risk, and the ability to Detect or Prevent the risk. Each part is given a number between 1 and 10, one being the least and 10 the most. These numbers are then multiplied together, with the final number assessing the risk on a scale of 1-1000. Then risks with the highest numbers are given the highest priority for correction or reduction.

Wow, that method is just wrong. The range should be from 0 to 10, with any real value in between (a mathematician would have any value between 0 and 1). A way better estimate of the risk is

integral from 0 to m_max integral from 0 to v_max S(m*v²/2)*A*T*P(m,v)*D(m) dm dv

where

A = cross sectional area of spacecraftT = time in orbitm = mass of debrism_max = maximum debris massv = velocity of debrisv_max = maximum debris velocityS(E) = severity as a function of impact energyP(m,v) = mass and velocity debris probability distribution per unit area and unit timeD(m) = Detect or Prevent as a function of debris mass

A good engineer should be able to come up with estimates of these functions.

Quote

We know that MMOD strikes occur on every spaceflight, so that's also a 10.

That would result in an over estimation of the risk. Most impacts are very small which have almost zero risk.

You've never heard of Failure Mode and Effect Analysis (FMEA)?

Logged

"One bit of advice: it is important to view knowledge as sort of a semantic tree -- make sure you understand the fundamental principles, ie the trunk and big branches, before you get into the leaves/details or there is nothing for them to hang on to." - Elon Musk"There are lies, damned lies, and launch schedules." - Larry J

Let's not forget that Soyuz are docked in aft of ISS, where they are more protected than the USOS fore side. In fact, all Commercial Crew vehicles are docked with their heat shields pointed fore.

Yes, and both Boeing and SpaceX will have shielding in place to lower the risk of MMOD damage to the primary heatshield. For Dragon 2 this is a wipple shield (doubling as an aerodynamic brake for the trunk in case of a pad abort/in-flight abort) at the capsule-to-trunk interface. And CST-100 has got a whole service module protecting the primary heatshield.

Again, just because there haven't been catastrophic failures doesn't mean there is no risk.

Literally nobody is saying that. Why do you keep repeating it like someone is?

Quote

The overall risk level is still high because a MMOD strike to a critical system could easily cause loss of crew or vehicle.

Actually, based on the number of LOV (zero) from MMOD damage on a rather large number of flights, this is provably wrong. Depending on your definition of "high", I guess. Certainly the risk level is high compared to flying in an airplane. Compared to the Shuttle risks not associated with MMOD I'd say they are rather low.

Regrettably, that's not how statistics work. The fact that Shuttle had the failures that it had, and not MMOD, might have been by pure chance. There's not enough statistical samples in all Shuttle history to say otherwise.Challenger was a particularly bad example, because at those temperatures it was to fail. It was almost a certainty. Edward Tufte book is more than clear on that. You use statistics for things that are chance, but if you get out of the specified range, you might get into straight certainties.

The statistical chance of a failure mode occurring can be very low, however, the amount of risk of that failure mode will remain the same, i.e., if a MMOD strike makes a direct hit on a critical system, then you're always going to have a bad day, even if that MMOD strike on a critical system only occurs once in a thousand spaceflights. That risk level can only be reduced by engineering solutions to reduce it.

An example of this is where the Shuttle's radiator got additional MMOD shielding and that directly prevented a MMOD strike from damaging a coolant loop that would have caused a mission abort:

"One bit of advice: it is important to view knowledge as sort of a semantic tree -- make sure you understand the fundamental principles, ie the trunk and big branches, before you get into the leaves/details or there is nothing for them to hang on to." - Elon Musk"There are lies, damned lies, and launch schedules." - Larry J

Again, just because there haven't been catastrophic failures doesn't mean there is no risk.

Literally nobody is saying that. Why do you keep repeating it like someone is?

Quote

The overall risk level is still high because a MMOD strike to a critical system could easily cause loss of crew or vehicle.

Actually, based on the number of LOV (zero) from MMOD damage on a rather large number of flights, this is provably wrong. Depending on your definition of "high", I guess. Certainly the risk level is high compared to flying in an airplane. Compared to the Shuttle risks not associated with MMOD I'd say they are rather low.

Regrettably, that's not how statistics work. The fact that Shuttle had the failures that it had, and not MMOD, might have been by pure chance. There's not enough statistical samples in all Shuttle history to say otherwise.Challenger was a particularly bad example, because at those temperatures it was to fail. It was almost a certainty. Edward Tufte book is more than clear on that. You use statistics for things that are chance, but if you get out of the specified range, you might get into straight certainties.

The statistical chance of a failure mode occurring can be very low, however, the amount of risk of that failure mode will remain the same, i.e., if a MMOD strike makes a direct hit on a critical system, then you're always going to have a bad day, even if that MMOD strike on a critical system only occurs once in a thousand spaceflights. That risk level can only be reduced by engineering solutions to reduce it.

An example of this is where the Shuttle's radiator got additional MMOD shielding and that directly prevented a MMOD strike from damaging a coolant loop that would have caused a mission abort:

I'm pretty well aware of minimazing the chance of maximum damage. May be you wanted to answer some other point of mine? I really don't quite follow your post to mine.But as I said above, for minimizing P(LOC), you want to focus on P(LOC|Event). And while MMOD are high, LOC causing MMOD are less. Thus, the correct assesment is not P(MMOD)*LOCseverity, but P(MMOD)*P(LOC|MMOD) and severity of LOC is the same for every problem.In other words, if a LOC would kill the crew and another vaporize it, but the chance of the former is higher than the latter, you should minimize the first before the second, assuming equal mitigation effort/risk.

You can't assure safety even while walking across the street. 1/270 is the standard, if I understood the article, because that's what Orion is supposed to have. That the CC contractors apparently haven't met that 1/270 PBRA is causing concern.

Returning to your original post Jeff. The key to this whole 1/270 thing is this, as mentioned in Chris' article:

Quote

The key will be to refine the MMOD threat data, which is based on historical flight information and may be – due to NASA requirements – overly conservative.

“The MMOD damage analysis depends on the modeling of the environment, which is in many aspects speculative and quite robust,” added the minutes (from ASAP).

“There are discussions regarding gathering additional historical information to determine if the environmental model is perhaps too robust. All answers are yet to be determined.”

It appears that some of the "pain" of this 1/270 number comes from NASA using overly conservative MMOD environmental models.

If NASA gets uppity about it, say the astronauts have to remain suited the whole time. That'll get approval done for the early missions, then the astronaut corp would get mad and say they don't have to wear the suits.

Maybe add a sublimator cooler, too. If that's a major problem.

Logged

Chris Whoever loves correction loves knowledge, but he who hates reproof is stupid.

To the maximum extent practicable, the Federal Government shall plan missions to accommodate the space transportation services capabilities of United States commercial providers. US law http://goo.gl/YZYNt0

"One bit of advice: it is important to view knowledge as sort of a semantic tree -- make sure you understand the fundamental principles, ie the trunk and big branches, before you get into the leaves/details or there is nothing for them to hang on to." - Elon Musk"There are lies, damned lies, and launch schedules." - Larry J

If NASA gets uppity about it, say the astronauts have to remain suited the whole time. That'll get approval done for the early missions, then the astronaut corp would get mad and say they don't have to wear the suits.

That only protects against LOC from pressure vessel penetration, other factors could also result in LOC that the suits wouldn't help.

If NASA gets uppity about it, say the astronauts have to remain suited the whole time. That'll get approval done for the early missions, then the astronaut corp would get mad and say they don't have to wear the suits.

That only protects against LOC from pressure vessel penetration, other factors could also result in LOC that the suits wouldn't help.

Another major one is loss of coolant. Why did you edit out the sublimator part?

pressure vessel penetration is probably the biggest one, since if that happens, there's not a lot you can do if you're not suited up. With the other things, there are options, provided you're in a somewhat stable orbit (which you will be 99.9% of the time)

Logged

Chris Whoever loves correction loves knowledge, but he who hates reproof is stupid.

To the maximum extent practicable, the Federal Government shall plan missions to accommodate the space transportation services capabilities of United States commercial providers. US law http://goo.gl/YZYNt0

If NASA gets uppity about it, say the astronauts have to remain suited the whole time. That'll get approval done for the early missions, then the astronaut corp would get mad and say they don't have to wear the suits.

That only protects against LOC from pressure vessel penetration, other factors could also result in LOC that the suits wouldn't help.

Another major one is loss of coolant. Why did you edit out the sublimator part?

pressure vessel penetration is probably the biggest one, since if that happens, there's not a lot you can do if you're not suited up. With the other things, there are options, provided you're in a somewhat stable orbit (which you will be 99.9% of the time)

Pressure vessel penetration is probably not the biggest one. Pressure vessels tend to be well-protected. Other systems not so much. Spacecraft repair in-orbit is difficult.